Evaluating Threats & Automating Defense: How Google is Advancing Code Security
Heather Adkins, Four Flynn
[un]prompted 2026 — AI Security Practitioner Conference · Day 1 · 1
Google and Google DeepMind researchers presented two integrated AI projects — Big Sleep for autonomous vulnerability discovery and CodeMender for autonomous patch generation — with the explicit goal of eliminating every software vulnerability on Earth. Both systems achieve zero false positives through multi-stage verification pipelines, and together represent a blueprint for moving from "finding bugs" to "fixing software at the speed of AI."
AI review
Big Sleep and CodeMender are the real thing. Finding zero-false-positive vulns that OSS-Fuzz misses, then autonomously generating formally-verified patches that get merged — 178 of them — this is what the 'AI will fix security' thesis actually looks like when you stop talking about it and start shipping. Must attend.